<?php
/**
 * 用户注册登录 - JBlog
 * 
 * @copyright (c) 2008-2010 JBlog (www.lisijie.org)
 * @author lisijie <lisijie86@gmail.com>
 * @version $Id: user.php 551 2010-07-22 09:35:52Z lisijie86 $
*/

// Flag constant defined before the shared bootstrap file is loaded.
define('IN_ADMIN', true);

require 'include/common.php';

// Import the requested action from the request; default to the login form.
initGP('ac');

if ( empty($ac) ) {
	$ac = 'login';
}


// Log out.
// NOTE(review): nothing in this file checks a request token before calling
// user_logout(), so a cross-site request could end a visitor's session.
// Confirm whether the bootstrap or user_logout() guards against this.
if ( 'logout' == $ac ) {
	user_logout();
	show_msg(__('你已经安全退出登录，现在转到首页...'), './');
}

// A visitor who already has a user id is sent to the admin panel instead of
// being shown any of the forms below.
if ( $_USER['id'] ) {
	redirect('admin.php');
}

/**
 * Print the opening part of the standalone user pages: doctype, <head> with
 * the inline stylesheet, the opening <body> tag and the top bar that links
 * back to the blog. The closing </body> and </html> tags are not emitted here.
 *
 * The blog name, the blog URL and $title are interpolated into the markup
 * as-is, without HTML escaping, so every value that reaches this function
 * must already be safe to emit as HTML.
 *
 * @param string $title Page title shown after the blog name in <title>.
 * @return void Output is echoed directly.
 */
function user_header($title) {
	// Both values come from the site configuration and go into the heredoc
	// below unescaped.
	$blogname = config('blogname');
	$blogurl = config('blogurl');
	echo <<<EOT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>{$blogname} &raquo; {$title}</title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
	<meta name="author" content="lisijie @ www.lisijie.org" />
	<style type="text/css" rel="stylesheet" >
	* {margin:0;padding:0;}
	body {background:#F8F8F8;font-family:'Microsoft YaHei', helvetica, Arial, Sans-Serif; color:#666; line-height:180%; font-size:14px;}
	a {color:#175796;text-decoration:none;}
	a:hover {color:red;text-decoration:none;}
	p {margin:5px 0;}
	#topbar {line-height:30px; height:30px; background: #333 url('images/logo.gif') no-repeat right;}
	#topbar a {color:#e0e0e0;}
	#topbar a:hover {color:#fff; }
	h1 {background:#226A9A; color:#fff; font:normal 22px/120% 'Microsoft YaHei';text-shadow:rgba(50,50,50,.3) 1px 1px 3px; padding:5px;background: -webkit-gradient(linear,left bottom, left top,color-stop(0, rgb(68,120,166)), color-stop(1, rgb(21,87,128)),color-stop(0.75, rgb(32,105,153)));background: -moz-linear-gradient(center bottom,rgb(68,120,166) 0%,rgb(21,87,128) 100%,rgb(32,105,153) 75%); }
	.box {width:300px; margin:0 auto;margin-top:120px; border: 1px solid #dedede;-moz-border-radius: 10px;-webkit-border-radius: 10px;-khtml-border-radius: 10px;border-radius: 10px;-moz-box-shadow: #ccc 0 4px 18px;-webkit-box-shadow: #ccc 0 4px 18px;-khtml-box-shadow: #ccc 0 4px 18px;box-shadow: #ccc 0 4px 18px;padding: 15px;
	}
	.input {width:290px;border:1px solid;border-color:#ccc #ccc #ccc #ccc;font-size:18px;font-weight:bold;font-family:Verdana;padding:4px;display:block;}
	.input:focus {border-color:#888;}
	.button {padding:3px 5px; float:right;}
	.copyright {margin-top:20px;color:#666;background:#fbfbfb;font:11px 'Verdana';text-align:center;padding:10px 0;}
	.errmsg {border:1px solid #c00; background:#FFEBE8; padding:0px 5px; font-size:12px; color:#333; }
	.sucmsg {border:1px solid #E6DB55; background:#FFFFE0; padding:0px 5px; font-size:12px; color:#333; }
	</style>
</head>
<body>
	<div id="topbar"><a href="{$blogurl}">&laquo; 返回 {$blogname}</a></div>
EOT;
}

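//------------ User login --------
// Handles the login form: validates the optional verification code, calls
// user_login() and either redirects to the admin panel or re-renders the form
// with an error message.
if ( $ac == 'login' ) {

	$errmsg = '';
	if ( check_submit() ) {
		// Import the submitted fields as local variables ('P' presumably
		// restricts the lookup to POST data; confirm against initGP()).
		initGP(array('account','password','remember','seccode'),'P');
		if ( empty($account) || empty($password) ) {
			redirect('user.php?ac=login');
		}
		if ( config('login_seccode') ) {
			session_start();
			// Read the expected code and discard it immediately so each code is
			// valid for a single attempt. Leaving it in the session would let one
			// solved code be replayed for any number of password guesses.
			$expected_seccode = isset($_SESSION['seccode']) ? (string) $_SESSION['seccode'] : '';
			unset($_SESSION['seccode']);
			if ( empty($seccode) ) {
				$errmsg = __('请输入验证码。');
			} elseif ( strtolower($seccode) !== strtolower($expected_seccode) ) {
				// Strict comparison: with != two numeric-looking strings such as
				// "1e3" and "1000" compare equal. A missing session value can never
				// match because $seccode is non-empty on this path.
				$errmsg = __('您输入的验证码有误。');
			}
		}
		if ( empty($errmsg) ) {
			$flag = user_login($account, $password, $remember);
			// NOTE(review): -1 and -2 produce different messages, which tells a
			// visitor whether an account name exists. Consider one generic
			// message for both, plus attempt throttling in user_login().
			switch ( $flag ) {
				case -1 : $errmsg = __('用户不存在'); break;
				case -2 : $errmsg = __('用户密码错误'); break;
				case -3 : $errmsg = __('用户尚未通过审核'); break;
				case  1 : redirect('admin.php'); break;
			}
		}
	}
	
	user_header(__('用户登录'));
?>
	<form name="login" method="post" target="_top" action="?ac=login">
	<input type="hidden" name="dosubmit" value="yes" />
	<div class="box">
		<h1><?php _e('用户登录');?></h1>
		<?php if ( $errmsg ) : ?>
		<p>
			<?php /* $errmsg holds only fixed, translated strings in this branch. */ ?>
			<div class="errmsg"><?php echo $errmsg; ?></div>
		</p>
		<?php endif; ?>
		<p>
			<label for="account"><?php _e('帐号');?></label>
			<input type="text" id="account" name="account" class="input" />
		</p>
		<p>
			<label for="password"><?php _e('密码');?></label>
			<input type="password" id="password" name="password" class="input" />
		</p>
		<?php if ( config('login_seccode') ) {?>
		<p>
			<label for="seccode"><?php _e('验证码');?></label>
			<input type="text" id="seccode" name="seccode" class="input" style="width:40px" />
			<?php /* Cache-busting parameter: the code is single-use, so the image must be fetched fresh on every render. */ ?>
			<img src="seccode.php?u=<?php echo time(); ?>" onclick="this.src='seccode.php?u='+ Math.random()" style="cursor:pointer;vertical-align:bottom;" alt="点击换一张验证码" />
		</p>
		<?php }?>
		<p>
			<input type="checkbox" id="remember" name="remember" /> <label for="remember"><?php _e('记住我的登录信息');?></label>
		</p>
		<p>
			<input type="submit" value="<?php _e('提交');?>" class="button" />
			<?php if ( config('allow_reg') ) : ?>
			<a href="?ac=reg"><?php _e('注册'); ?></a> | 
			<?php endif; ?>
			<a href="?ac=lostpassword"><?php _e('忘记密码？'); ?></a>
		</p>
	</div>
	</form>
	<script>
	try{document.getElementById('account').focus();} catch(e) {};
	</script>
<?php
}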
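//------------ User registration --------
// Handles the registration form: validates user name and e-mail address,
// generates a password, mails it to the new user and inserts the account.
elseif ( $ac == 'reg' ) {

	// presumably show_msg() ends the request; confirm, because otherwise
	// the code below would still register accounts while registration is closed.
	if ( !config('allow_reg') ) {
		show_msg('对不起，本站已关闭新用户注册！');
	}
	$errmsg = '';
	if ( check_submit() ) {
		initGP(array('username','email'),'P');
		if ( empty($username) || empty($email) ) {
			redirect('user.php?ac=reg');
		}
		// The submitted values are echoed back inside $errmsg, which the
		// template prints without escaping, so they are HTML-escaped here.
		$safe_username = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
		$safe_email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
		if ( strlen($username) < 3 || strlen($username) > 15 ) {
			$errmsg = __('用户名长度必须在3-15字节之间。');
		} elseif ( !is_username($username) || is_banname($username) ) {
			$errmsg = __('用户名中含有非法字符或系统禁用关键字。');
		} elseif ( get_user($username,'username') ) {
			$errmsg = __('用户 <b>%s</b> 已存在。', $safe_username);
		} elseif ( !is_email($email) ) {
			// $email failed validation at this point, so it is arbitrary input.
			$errmsg = __('<b>%s</b> 不是有效的Email地址。', $safe_email);
		} elseif ( get_user($email, 'email') ) {
			$errmsg = __('您输入的Email地址已经注册过了。');
		}
		if ( empty($errmsg) ) {
			// NOTE(review): confirm that random() draws from a cryptographically
			// secure source, since its output becomes the account password.
			$password = random(8);
			// NOTE(review): the password is stored here exactly as generated,
			// while the reset-password branch of this file stores
			// md5($newpassword). Confirm what $db->insert() and user_login()
			// expect; as written this looks like a plaintext password at rest.
			$user = array(
				'username' => $username,
				'password' => $password,
				'email' => $email,
				'sex' => 0,
				'regtime' => NOW
			);
			require_once JBLOG_INC.'class_mailer.php';
			$subject = __('您在 %s 的注册信息', config('blogname'));
			$body = config('register_mail_body');
			// The generated password is substituted into the mail body in clear text.
			$body = str_replace(
				array('{username}','{password}','{email}','{blogname}','{blogurl}','{regtime}'),
				array($username, $password, $email, config('blogname'), config('blogurl'), get_date(NOW)),
				$body
			);
			// The account is created only after the mail was handed off successfully.
			if ( sendmail($subject, $body, $email, $username) ) {
				$db->insert('user', $user);
				show_msg(__('注册完成。密码已发送到您的邮箱，请注意查收。'), 'user.php?ac=login', 10);
			} else {
				$errmsg = __('邮件发送失败，请联系管理员。');
			}
		}
	}

	// Emit the page header only after all redirect()/show_msg() decisions, as
	// the login and lost-password branches do; printing it first put output
	// ahead of the redirect and ahead of show_msg()'s own page.
	user_header(__('用户注册'));
?>
	<form name="s" method="post" action="?ac=reg">
	<input type="hidden" name="dosubmit" value="yes">
	<div class="box">
		<h1><?php _e('用户注册');?></h1>
		<?php if ( $errmsg ) : ?>
		<p>
			<div class="errmsg"><?php echo $errmsg; ?></div>
		</p>
		<?php endif; ?>
		<p>
			<label for="username"><?php _e('用户名');?></label>
			<input type="text" id="username" name="username" class="input" />
		</p>
		<p>
			<label for="email"><?php _e('邮箱');?></label>
			<input type="text" id="email" name="email" class="input" />
		</p>
		<p><?php _e('密码将通过电子邮件发送给您。');?></p>
		<p>
			<input type="submit" value="<?php _e('提交');?>" class="button" />
			<a href="?ac=login"><?php _e('登录'); ?></a> | <a href="?ac=lostpassword"><?php _e('忘记密码？'); ?></a>
		</p>
	</div>
	</form>
	<script>try{document.getElementById('username').focus();}catch(e){}</script>
<?php
}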
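// Lost password
// Looks the account up by user name or e-mail address and mails a link that,
// when opened, switches the account to a newly generated password.
elseif ( $ac == 'lostpassword' ) {
	$errmsg = '';
	if ( check_submit() ) {
		initGP('account', 'P');
		if ( empty($account) ) {
			redirect('user.php?ac=lostpassword');
		}
		$field = is_email($account) ? 'email' : 'username';
		$user = get_user($account, $field);
		if ( ! $user ) {
			// NOTE(review): this message differs from the success message, so the
			// form reveals whether an account exists. Consider answering the same
			// way in both cases and throttling requests per account and client.
			$errmsg = __('无效的用户名或邮箱');
		} else {
			$subject = __('您在 %s 的密码重置邮件', config('blogname'));
			// NOTE(review): confirm that random() draws from a cryptographically
			// secure source, since its output becomes the account password.
			$newpassword = random(8);
			// The token binds the user id, the currently stored password value and
			// the new password. Array keys are quoted: inside {$...} an unquoted
			// key is read as a constant, which raises an Error on PHP 8.
			// NOTE(review): no expiry is passed to authcode() here; confirm how
			// long a link stays usable (it stops matching once the stored
			// password changes).
			$code = authcode("{$user['id']}\t{$user['password']}\t{$newpassword}");
			// NOTE(review): $code is appended without URL-encoding. If authcode()
			// can emit '+', '/' or '=' the link will not round-trip through the
			// query string; confirm and wrap it in rawurlencode() if so.
			$url  = config('blogurl') . '/user.php?ac=resetpassword&code='.$code;
			$body = config('lostpassword_mail_body');
			// The new password is substituted into the mail body in clear text.
			$body = str_replace(
				array('{username}','{newpassword}','{blogname}','{blogurl}','{time}','{url}'),
				array($user['username'], $newpassword, config('blogname'), config('blogurl'), get_date(NOW), $url),
				$body
			);
			if ( sendmail($subject, $body, $user['email'], $user['username']) ) {
				show_msg(__('新密码激活邮件已经发送到您的邮箱，请注意查收。'), 'user.php?ac=login', 10);
			} else {
				$errmsg = __('邮件发送失败，请联系管理员。');
			}
		}
	}
	
	user_header(__('忘记密码'));
?>
	<form name="s" method="post" action="?ac=lostpassword">
	<input type="hidden" name="dosubmit" value="yes">
	<div class="box">
		<h1><?php _e('忘记密码');?></h1>
		<?php if ( $errmsg ) : ?>
		<p>
			<?php /* $errmsg holds only fixed, translated strings in this branch. */ ?>
			<div class="errmsg"><?php echo $errmsg; ?></div>
		</p>
		<?php endif; ?>
		<p>
			<label for="account"><?php _e('用户名或邮箱：');?></label>
			<input type="text" id="account" name="account" class="input" />
		</p>
		<p><?php _e('您将通过电子邮件收到新密码。');?></p>
		<p>
			<input type="submit" value="<?php _e('获取新密码');?>" class="button" />
			<a href="?ac=login"><?php _e('登录'); ?></a>
			<?php if ( config('allow_reg') ) : ?> | <a href="?ac=reg"><?php _e('注册'); ?></a><?php endif; ?>
		</p>
	</div>
	</form>
<?php
}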
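// Reset password
// Decodes the token from the mailed link and, if it still matches the stored
// password value of the account, activates the new password it carries.
elseif ( $ac == 'resetpassword' ) {
	initGP('code');
	$flag = false;
	if ( $code ) {
		$code = authcode($code, 'DECODE');
		// Pad to three fields so a token that fails to decode, or decodes to
		// fewer parts, yields empty strings instead of undefined offsets.
		list($userid, $password, $newpassword) = array_pad(explode("\t", (string) $code), 3, '');
		if ( $userid && $password && $newpassword ) {
			$user = get_user($userid, 'id');
			// Strict comparison: with == two different hash strings of the form
			// "0e<digits>" are treated as numbers and compare equal.
			if ( $user && $user['password'] === $password ) {
				$newpassword = trim($newpassword);
				// NOTE(review): unsalted md5() is a weak password hash. Moving to
				// password_hash()/password_verify() needs a matching change in
				// user_login(), which is outside this file.
				update_user($userid, array('password' => md5($newpassword)));
				user_header(__('您的密码已修改'));
				// The password comes out of the decoded token; escape it before
				// it is placed in the page.
				$shown_password = htmlspecialchars($newpassword, ENT_QUOTES, 'UTF-8');
				echo '
				<div class="box">
					<h1>'.__('您的密码已修改').'</h1>
					<p>'.__('您的新密码是：<b>%s</b>', $shown_password).'</p>
					<p><a href="?ac=login">'.__('登录').'</a></p>
				</div>
				';
				$flag = true;
			}
		}
	}
	// Any missing, undecodable or stale token ends up here.
	if ( !$flag ) {
		show_msg(__('激活链接无效或已过期'));
	}
}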
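// Shared page footer, printed after whichever branch above rendered its form.
// The version is echoed with a full PHP tag (the rest of the file does the
// same), so it does not depend on short_open_tag being enabled.
?>
	<p class="copyright">Powered by <a href="http://www.lisijie.org" target="_blank">JBlog <?php echo JBLOG_VERSION; ?></a> &copy; 2008-2010, <a href="http://www.lisijie.org" target="_blank">lisijie.org</a>.</p>
</body>
</html>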